How to suppress the number of InTrust Real-Time Monitoring alerts that are sent (148894)

Description

After configuring InTrust Real-Time Monitoring alerts, administrators may notice common events that they would like suppressed.

Resolution

InTrust Real-Time Monitoring rules have an Alert Suppression option to specify whether to suppress duplicate alerts and define what alerts are considered duplicates. Suppressing an alert means adding it to a list of similar alerts rather than considering it a separate alert.

Configure Alert Suppression by following these steps:

1. In InTrust Manager, go to "Real-Time Monitoring | Rules" and locate the rule to edit.

2. Right-click the Real-Time Monitoring rule and select "Properties".

3. Click the "Alert" tab.

4. Click the "Alert Suppression..." button.

5. Enable the "Suppress duplicate alerts" box.

6. In the "Suppress by fields" list, select which fields to use to suppress the alerts.
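The choice of fields determines which alerts count as duplicates, and therefore how many separate alerts remain. The following is an added illustration of that grouping idea, not InTrust code or its actual implementation; the alert records and the field names (computer, user, source_ip) are constructed assumptions.

```python
# Constructed sample alerts from one hypothetical "Failed logon" rule.
# Field names are assumptions for illustration, not InTrust's field list.
ALERTS = [
    {"computer": "DC01", "user": "alice", "source_ip": "10.0.0.5"},
    {"computer": "DC01", "user": "alice", "source_ip": "10.0.0.5"},
    {"computer": "DC01", "user": "alice", "source_ip": "10.0.0.5"},
    {"computer": "DC01", "user": "bob",   "source_ip": "10.0.0.9"},
    {"computer": "FS02", "user": "alice", "source_ip": "10.0.0.5"},
    {"computer": "DC01", "user": "bob",   "source_ip": "10.0.0.77"},
]


def suppress(alerts, fields):
    """Group alerts that match on every field in `fields`.

    The first alert in each group stands for the separate alert; later
    matches are added to its list of similar alerts instead of being
    counted on their own.
    """
    groups = {}
    for alert in alerts:
        key = tuple(alert.get(f) for f in fields)
        groups.setdefault(key, []).append(alert)
    return groups


def separate_alert_count(alerts, fields):
    """Number of alerts left as separate alerts after suppression."""
    return len(suppress(alerts, fields))


if __name__ == "__main__":
    for fields in (["computer"],
                   ["computer", "user"],
                   ["computer", "user", "source_ip"]):
        groups = suppress(ALERTS, fields)
        print(f"suppress by {fields}: {len(groups)} separate alerts")
        for key, members in groups.items():
            print(f"  {key}: {len(members)} similar alert(s)")
```

Suppressing on "computer" alone folds bob's failures from two different addresses into the same alert as alice's, so a narrow field selection reduces volume at the cost of hiding distinct activity.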